SSL Performance Problems
|
|
- Alban McCormick
- 8 years ago
- Views:
Transcription
1 ANALYST BRIEF SSL Performance Problems SIGNIFICANT SSL PERFORMANCE LOSS LEAVES MUCH ROOM FOR IMPROVEMENT Author John W. Pirc Overview In early 2013, NSS Labs released the results of its Next Generation Firewall Comparative Analysis Reports (NGFW CARs). As part of the analysis, NSS assessed the performance of client- side secure sockets layer (SSL) decryption in seven of the eight NGFWs that were included in that voluntary group test. The resulting impacts on performance of SSL decryption when included as a feature within the NGFW, or when offloaded to a separate SSL appliance, were significant. NSS research showed that 25% 35% of enterprise traffic is SSL and, depending on the industry vertical, the percentage of SSL traffic can reach as high as 70%. NSS research also found that 2048b ciphers caused a mean average of 81% in performance loss across all vendors tested. Certificate authorities are intending to cease issue of 1024 bit ciphers and will move to 2048 bit ciphers by December 31, Although the performance numbers are cause for concern, the presence of malware within encrypted channels is a real, albeit relatively small, threat in enterprise environments that warrants decryption and scanning as a best practice. Figure 1 displays the aggregated results from the vendor tests. Figure 1 SSL Performance Impacts on Bandwidth and Transaction per Second Loss
2 NSS Labs Findings The average proportion of SSL traffic within a typical enterprise is 25% 35%. The NSS threat database 1 has uncovered a small percentage (~1%) of malware using SSL. NSS research indicates that the majority of threats that are using SSL as a transport fall under the targeted persistent attack (TPA) category. The mean average of performance loss across 7 NGFW s: ~74% with 512b and 1024b ciphers ~81% with 2048b ciphers. The mean average of transactions per second (TPS) loss across 7 NGFW s: ~86.80% with a 512b cipher ~87.79% with a 1024 cipher ~92.28% with a 2048 cipher The Sourcefire NGFW had the highest rated TPS performance. However, Sourcefire was the only vendor that used a dedicated SSL appliance. The Dell SonicWALL SuperMassive E10800 NGFW had the highest rated TPS performance with onboard SSL decryption. Juniper was rated the best with regards to performance loss and reduction in TPS. All vendors had significant performance issues and TPS loss with 2048b ciphers. NSS has concerns for the viability of SSL inspection in enterprise networks without the use of dedicated SSL decryption devices. 1 Our database is a collection of malware samples that are collected in real- time from around the world. 2
3 NSS Labs Recommendations Enterprises are advised to review the performance ratings of SSL, in order to decide which platform meets their performance requirements. Additionally, NSS recommends that a platform be tested before a purchasing decision is made. Enterprises should measure the SSL traffic in their current network environment in order to allow for future capacity planning. An average yearly increase of ~20% in SSL traffic should be expected. 2 Consideration should only be given to products that support the creation of rules for bypassing SSL decryption based on URL categories, such as healthcare, banking, and mobile apps that contain sensitive and personal information. Depending on an organization s network traffic, this could substantially reduce performance loss and assist with an organization s compliance with national privacy laws. Enterprises should seek to offset the SSL risk by deploying endpoint security solutions and breach detection solutions that are behavior- based, and that are able to detect command and control (C&C) and malware callbacks via SSL. Enterprises should educate users about the dangers of accepting a self- signed and non- valid certificate, in the same way they would educate about SPAM and phishing
4 Table of Contents Overview... 1 NSS Labs Findings... 2 NSS Labs Recommendations... 3 Analysis... 5 SSL and the Enterprise... 5 SSL and the Adversary NGFW SSL Performance CAR... 7 Vendor Performance Numbers... 9 Check Point Dell SonicWALL SuperMassive E Fortinet Fortigate- 3600C Juniper SRX Palo Alto Networks PA Sourcefire 8250 & Sourcefire Stonesoft Reading List Contact Information Table Of Figures Figure 1 SSL Performance Impacts on Bandwidth and Transaction per Second Loss... 1 Figure 2 Key Strength Distribution... 6 Figure 3 Decryption Times of Ciphers on 2GHz Pentium... 6 Figure 4 SSL Performance Impacts on Bandwidth... 8 Figure 5 SSL Transaction per Second Loss... 8 Figure 6 Check Point Figure 7 Dell SonicWALL SuperMassive E Figure 8 Fortinet Fortigate- 3600C Figure 9 Juniper SRX Figure 10 Palo Alto Networks PA Figure 11 Sourcefire Figure 12 Sourcefire Figure 13 Stonesoft
5 Analysis During a recent analysis of NGFWs, NSS verified the performance impacts of client- side SSL inspection, and the results showed considerable room for improvement. This raises concerns for the viability of SSL inspection in enterprise networks without the use of dedicated SSL decryption devices. NSS research has found that the use of HTTPS has risen significantly over the past few years; web browser- based applications such as Facebook and Twitter, 3 and search engines such as Google are enabling SSL by default as a result of privacy and security concerns. Additionally, users increasingly have the ability to install browser add- ons that can force the use of HTTPS within popular web browsers such as Safari, Chrome, Internet Explorer and Firefox. These extensions force the browser to only access HTTPS first. It is the ultimate irony that the increasing use of SSL in an attempt to make our on- line lives more secure actually reduces security on the corporate network by creating blind spots for corporate security infrastructures. HTTPS has been used for secure web communications on the Internet for almost two decades, but it is only recently that network security vendors have begun including HTTPS as a feature. This is in response to client requirements regarding regulatory compliance, search engines and web/mobile applications that are utilizing SSL by default and, most importantly, in response to malware that is using SSL as a transport to evade network detection devices. SSL and the Enterprise NSS research on the use of HTTPS reveals that within any given enterprise the current percentage of outbound network traffic that is SSL/TLS encrypted is about 25% 35%. Performance issues relating to SSL can be attributed to several factors, but the most significant is the length of the certificate key. The larger the key, the more computing power is required to decrypt it. Trustworthyinternet.org has a global dashboard known as SSL Pulse that extracts close to 200,000 well known SSL websites from Alexa, 4 a company which provides analytics on ~1.5 million websites. The most recent report from SSL Pulse shows that out of 172,537 SSL websites surveyed, 91.1% were using 2048 bit ciphers 5. This information, when viewed alongside the significant declines in performance and transaction rates that were observed during testing, questions the wisdom of enabling SSL. 3 adds- ssl- security/ pulse/ 5
6 Figure 2 Key Strength Distribution Performing HTTPS decryption inline on a NGFW device, or on any security device that is performing deep packet inspection is a significant undertaking. Figure 3 shows the performance impacts (in milliseconds) that the various ciphers have on a 2GHz Pentium processor. Figure 3 Decryption Times of Ciphers on 2GHz Pentium 6 NSS predicts that the default ciphers will increase in length, which will require more computing power. The standard default cipher that is acceptable today is 1024b and, according to NIST Special Publication 800-5, the 6 6
7 standard default cipher of 2048b will be required by December 31, Anything below 2048b should be transitioned to the new standard. 7 NSS testing results indicate that this will be an issue for most network security vendors. SSL and the Adversary Many attack vectors may be used to compromise an asset, and blind spots within an infrastructure help attackers to evade detection. The following methods may be used: Drive- by malware sites using HTTPS C&C s that communicate via SSL Malware with SSL callbacks Recent research on the NSS threat database found that while it is only a small percentage (~1%) of malware that is using SSL, this malware is highly sophisticated. These methods of attack pose real risks to an organization s infrastructure. Additionally, network security devices that lack the ability to inspect SSL traffic allow attackers to remain undetected by network monitoring. Some of the attack methods listed above would require the end user to accept a SSL certificate. It can certainly be argued that sophisticated users will not click and accept a SSL certificate, and that seasoned security professionals will not accept either a self- signed certificate or one that is accompanied by a warning banner stating that the web browser can not verify the identity of a website. However, most users will not realize the real risk and will click and accept. To illustrate this point, a recent infographic 8 on Get Cyber Safe, a web site dedicated to educating users on Internet security, showed that 16 million s per day pass undetected through spam filters, 8 million of these are opened, and more than 800,000 users will click on the malicious links contained within these s NGFW SSL Performance CAR Earlier this year, NSS released a NGFW comparative analysis report that detailed the results of SSL performance testing of Check Point, Dell SonicWALL, Fortinet, Juniper, Palo Alto Networks, SourceFire and Stonesoft. The following analysis examines the vendor s ability to intercept, decrypt, process, and re- encrypt HTTPS traffic at network loads of varying size and varying connections per second, with SSL inspection enabled. Through the creation of genuine, session- based HTTPS traffic with varying session lengths, the vendor is forced to track valid TCP sessions, thus ensuring a higher workload than for simple packet- based background traffic. This provides a test environment that is as close to real world as it is possible to achieve in a lab environment, while still ensuring accuracy and repeatability. 7 management_dec2009.pdf eng.aspx eng.aspx 7
8 Each transaction consists of a SSL handshake followed by a single HTTP(S) GET request, and there are no transaction delays (the Web server responds immediately to all requests). All packets contain valid payload (a mix of binary and ASCII objects) and address data, and the test represents a live network (albeit one that is biased towards HTTPS traffic) at various network loads. Figure 4 and Figure 5 provide a consolidated view of the vendor results. Figure 4 SSL Performance Impacts on Bandwidth Figure 5 SSL Transaction per Second Loss 8
9 Vendor Performance Numbers Check Point The Check Point NGFW is currently performance rated at 5Gbps by Check Point. During SSL performance testing, the actual performance was rated at 4.22Gbps. It was also noted that the TPS versus the megabits per second (Mbps) remained relatively consistent with the 512b and 1024b ciphers. NSS anticipated a linear drop in performance and TPS as the ciphers doubled in size, but this was not the case. The 2048b cipher caused a decrease in TPS of 300, but performance was maintained at 550 Mbps. This is an 87 percent reduction from the vendor advertised performance. Dell SonicWALL SuperMassive E10800 Figure 6 Check Point The Dell SonicWALL SuperMassive E10800 NGFW is currently performance rated by the vendor at 12Gbps. During NSS testing, the actual performance was rated at 16.6Gbps. There was an expected linear reduction in TPS versus Mbps. The performance decrease between 512b and 1024b was marginal, but there was a significant performance loss at 2048b. Impact on performance for tested ciphers: 84% w/512b 85% w/1024b 94% w/2048b Figure 7 Dell SonicWALL SuperMassive E
10 Fortinet Fortigate- 3600C The Fortinet Fortigate- 3600C NGFW is currently performance rated by the vendor at 60Gbps. During NSS testing, the actual performance was rated at 7,580Mbps. The expectation of a linear drop in TPS versus Mbps was constant as the cipher strengths increased. The performance decreases across all ciphers were marginal, but the overall performance impact was the greatest across all vendors. Impact on performance for tested ciphers: % w/512b % w/1024b % w/2048b Juniper SRX3600 Figure 8 Fortinet Fortigate- 3600C The Juniper SRX3600 NGFW is currently performance rated by the vendor at 11Gbps. During NSS testing, the actual performance was rated at 3.3Gbps. Juniper performed the best out of all the vendors with the lowest performance degradation. Additionally, Juniper demonstrated the highest throughput with 1024b and 2048b ciphers with onboard SSL. The TPS versus Mbps did not follow the anticipated linear reduction that was common with other products. Impact on performance for tested ciphers: 34% w/512b 13% w/1024b 36% w/2048b Figure 9 Juniper SRX
11 Palo Alto Networks PA The Palo Alto Networks PA NGFW is currently performance rated by the vendor at 2Gbps. During NSS testing, the actual performance was rated at 2.3Gbps. The TPS versus Mbps followed a linear reduction with marginal performance degradation between 1024b and 2048b ciphers. Impact on performance for tested ciphers: 66% w/512b 78% w/1024b 79% w/2048b Sourcefire 8250 & Sourcefire 8290 Figure 10 Palo Alto Networks PA The Sourcefire 8250 NGFW is currently performance rated by the vendor at 10Gbps. During NSS testing, the actual performance was rated at 12.9Gbps. The Sourcefire 8250 was the only vendor that utilized a dedicated SSL appliance during testing. The TPS achieved were the highest of all the devices tested. Impact on performance for tested ciphers: 77.13% w/512b 77.52% w/1024b 82.95% w/2048b Figure 11 Sourcefire
12 The Sourcefire 8290 NGFW is currently performance rated by the vendor at 40Gbps. During NSS testing, the actual performance was rated at 52.3Gbps. The TPS and Mbps remained the same as the This is not a reflection of the performance capabilities of the 8250 and 8290, but rather of the processing limitation of the dedicated SSL appliance. Impact on performance for tested ciphers: % w/512b % w/1024b % w/2048b Stonesoft 3202 Figure 12 Sourcefire 8290 The Stonesoft 3202 NGFW is currently performance rated by the vendor at 3Gbps. During NSS testing, the actual performance was rated at 2.7Gbps. The TPS and the Mbps followed the predictive linear reduction as the cipher strength increased. Impact on performance for tested ciphers: 54% w/512b 60% w/1024b 76% w/2048b Figure 13 Stonesoft
13 Reading List The Targeted Persistent Attack (TPA) The Misunderstood Security Threat Every Enterprise Faces. NSS Labs brief- targeted- persistent- attack- tpa- misunderstood- security- threat- every- enterprise 2013 Next Generation Firewall Comparative Analysis. NSS Labs next- generation- firewall- comparative- analysis 13
14 Contact Information NSS Labs, Inc. 206 Wild Basin Rd Building A, Suite 200 Austin, TX USA +1 (512) This analyst brief was produced as part of NSS Labs independent testing information services. Leading products were tested at no cost to the vendor, and NSS Labs received no vendor funding to produce this analyst brief NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors. Please note that access to or use of this report is conditioned on the following: 1. The information in this report is subject to change by NSS Labs without notice. 2. The information in this report is believed by NSS Labs to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at the reader s sole risk. NSS Labs is not liable or responsible for any damages, losses, or expenses arising from any error or omission in this report. 3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON- INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet the reader s expectations, requirements, needs, or specifications, or that they will operate without interruption. 5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report. 6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners. 14
2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles
FIREWALL COMPARATIVE ANALYSIS Performance 2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles Tested Products Barracuda F800, Check Point 12600, Cyberoam CR2500iNG, Dell SonicWALL NSA 4500,
More informationNEXT GENERATION FIREWALL COMPARATIVE ANALYSIS
NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) Author Thomas Skybakmoen Tested Products Barracuda F800b Check Point 13500 Cisco ASA 5525-X Cisco ASA 5585-X SSP60 Cisco FirePOWER
More informationDATA CENTER IPS COMPARATIVE ANALYSIS
DATA CENTER IPS COMPARATIVE ANALYSIS Security Value Map (SVM) 2014 Thomas Skybakmoen, Jason Pappalexis Tested Products Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Overview
More information2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles
FIREWALL COMPARATIVE ANALYSIS Total Cost of Ownership (TCO) 2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles Tested s Barracuda F800, Check Point 12600, Cyberoam CR2500iNG, Dell SonicWALL
More informationCan Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security
More informationInternet Advertising: Is Your Browser Putting You at Risk?
ANALYST BRIEF Is Your Browser Putting You at Risk? PART 2: CLICK FRAUD Authors Francisco Artes, Stefan Frei, Ken Baylor, Jayendra Pathak, Bob Walder Overview The US online advertising market in 2011 was
More informationDATA CENTER IPS COMPARATIVE ANALYSIS
DATA CENTER IPS COMPARATIVE ANALYSIS Total Cost of Ownership () 2014 Thomas Skybakmoen, Jason Pappalexis Tested s Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Overview
More informationENTERPRISE EPP COMPARATIVE ANALYSIS
ENTERPRISE EPP COMPARATIVE ANALYSIS Socially Engineered Malware Randy Abrams, Jayendra Pathak, Ahmed Garhy Tested Products Fortinet Fortigate 100D Management station Forticlient- 5.0.7.333 McAfee VirusScan
More informationEvolutions in Browser Security
ANALYST BRIEF Evolutions in Browser Security TRENDS IN BROWSER SECURITY PERFORMANCE Author Randy Abrams Overview This analyst brief aggregates results from NSS Labs tests conducted between 2009 and 2013
More informationDATA CENTER IPS COMPARATIVE ANALYSIS
DATA CENTER IPS COMPARATIVE ANALYSIS Security 2014 Thomas Skybakmoen, Jason Pappalexis Tested Products Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Data Center Overview
More informationIs the Security Industry Ready for SSL Decryption?
Is the Security Industry Ready for SSL Decryption? SESSION ID: TECH-R01 John W. Pirc Chief Technology Officer NSS Labs Inc. @jopirc David DeSanto Director, Product Management NSS Labs Inc. @david_desanto
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationENTERPRISE EPP COMPARATIVE REPORT
ENTERPRISE EPP COMPARATIVE REPORT Security Stack: Socially Engineered Malware Authors Bhaarath Venkateswaran, Randy Abrams, Thomas Skybakmoen Tested Products Bitdefender Endpoint Security v5.3.15.539 ESET
More informationInternet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT
Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT TESTED PRODUCTS: AVG Internet Security Network Edition v8.0 Kaspersky Total Space Security v6.0 McAfee Total Protection for Endpoint Sophos
More informationWEB APPLICATION FIREWALL COMPARATIVE ANALYSIS
WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) Author Thomas Skybakmoen Tested Products Barracuda Networks Web Application Firewall 960 Citrix NetScaler AppFirewall MPX 11520 Fortinet
More informationAchieve Deeper Network Security and Application Control
Achieve Deeper Network Security and Application Control Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have emerged to revolutionize network security as we once knew it. Yet
More informationHow To Sell Security Products To A Network Security Company
Market Segment Definitions Author Joshua Mittler Overview In addition to product testing, NSS Labs quantitatively evaluates market size for each of the product categories tested. NSS provides metrics that
More informationHow To Create A Firewall Security Value Map (Svm) 2013 Nss Labs, Inc.
FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) 2013 Frank Artes, Thomas Skybakmoen, Bob Walder, Vikram Phatak, Ryan Liles Tested Products Barracuda F800, Check Point 12600, Cyberoam CR2500iNG,
More informationAchieve Deeper Network Security
Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order
More informationAn Old Dog Had Better Learn Some New Tricks
ANALYST BRIEF An Old Dog Had Better Learn Some New Tricks PART 2: ANTIVIRUS EVOLUTION AND TECHNOLOGY ADOPTION Author Randy Abrams Overview Endpoint protection (EPP) products are ineffective against many
More informationMobile App Containers: Product Or Feature?
ANALYST BRIEF Mobile App Containers: Product Or Feature? APPLE AND SAMSUNG HAVE TAKEN BIG STEPS WITH CONTAINERIZATION Author Andrew Braunberg Overview Secure workspaces, or containers, used for isolating
More informationBROWSER SECURITY COMPARATIVE ANALYSIS
BROWSER SECURITY COMPARATIVE ANALYSIS Privacy Settings 2013 Randy Abrams, Jayendra Pathak Tested Vendors Apple, Google, Microsoft, Mozilla Overview Privacy is an issue on the front lines of the browser
More informationCORPORATE AV / EPP COMPARATIVE ANALYSIS
CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Evasion Defenses 2013 Randy Abrams, Dipti Ghimire, Joshua Smith Tested Vendors AVG, ESET, F- Secure, Kaspersky, McAfee, Microsoft, Norman, Panda, Sophos,
More informationNEXT GENERATION FIREWALL COMPARATIVE ANALYSIS
NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS Security Author Thomas Skybakmoen Tested Products Barracuda F800b Check Point 13500 Cisco ASA 5525-X Cisco ASA 5585-X SSP60 Cisco FirePOWER 8350 Cyberoam CR2500iNG-XP
More informationMultiple Drivers For Cyber Security Insurance
ANALYST BRIEF Multiple Drivers For Cyber Security Insurance EXPECTATIONS PLACED ON INSURANCE CARRIERS RISE WITH MARKET GROWTH Author Andrew Braunberg Overview There has been considerable good news for
More informationTEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0
TEST METHODOLOGY Hypervisors For x86 Virtualization v1.0 Table of Contents 1 Introduction... 4 1.1 The Need For Virtualization... 4 1.2 About This Test Methodology And Report... 4 1.3 Inclusion Criteria...
More informationWhy Is DDoS Prevention a Challenge?
ANALYST BRIEF Why Is DDoS Prevention a Challenge? PROTECTING AGAINST DISTRIBUTED DENIAL-OF-SERVICE ATTACKS Authors Andrew Braunberg, Mike Spanbauer Overview Over the past decade, the threat landscape has
More informationNext-Generation Firewalls: Critical to SMB Network Security
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
More informationFirewall Sandwich. Aleksander Kijewski Presales Engineer Dell Software Group. Dell Security Peak Performance
Firewall Sandwich Aleksander Kijewski Presales Engineer Dell Software Group 1 Many of your users web sessions are encrypted with HTTPS 2 Many of your users web sessions are encrypted with HTTPS and so
More informationHigh Performance NGFW Extended
High Performance NGFW Extended Enrique Millán Country Manager Colombia emillan@fortinet.com 1 Copyright 2013 Fortinet Inc. All rights reserved. D I S C L A I M E R This document contains confidential material
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationWhat to Look for When Evaluating Next-Generation Firewalls
What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to
More informationWEB APPLICATION FIREWALL PRODUCT ANALYSIS
WEB APPLICATION FIREWALL PRODUCT ANALYSIS F5 Big-IP ASM 10200 v11.4.0 Authors Ryan Liles, Orlando Barrera Overview NSS Labs performed an independent test of the F5 Big-IP ASM 10200. The product was subjected
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationWhy it's time to upgrade to a Next Generation Firewall. Dickens Lee Technical Manager
Why it's time to upgrade to a Next Generation Firewall Dickens Lee Technical Manager Dell History 2 Confidential Dell s legacy Became leading provider of subscription services on optimized appliances Shipped
More informationNext-Generation Firewalls: CEO, Miercom
Next-Generation Firewalls: Results from the Lab Robert Smithers Robert Smithers CEO, Miercom Agenda Participating i Vendors and Products How We Did It Categories of Products Tested About the Technology
More informationHow To Get A Fortinet Security System For Free
Fortinet FortiGate Appliances Earn Coveted Recommend Ratings from NSS Labs in Next Generation Firewall, IPS, and Network Firewall in NSS Labs Group Tests Fortinet s Enterprise-Class Triple Play Fortinet
More informationHow to Build a Massively Scalable Next-Generation Firewall
How to Build a Massively Scalable Next-Generation Firewall Seven measures of scalability, and how to use them to evaluate NGFWs Scalable is not just big or fast. When it comes to advanced technologies
More informationThe CISO s Guide to the Importance of Testing Security Devices
ANALYST BRIEF The CISO s Guide to the Importance of Testing Security Devices Author Bob Walder Overview Selecting security products is a complex process that carries significant risks if not executed correctly;
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationHow to Protect against the Threat of Spearphishing Attacks
ANALYST BRIEF How to Protect against the Threat of Spearphishing Attacks Author Randy Abrams Overview NSS Labs researchers have identified spearphishing as the most common targeted method sophisticated
More informationStallion SIA Seminar 2.12.2015 PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager
Stallion SIA Seminar 2.12.2015 PREVENTION FIRST Introducing the Enterprise Security Platform Sami Walle Regional Sales Manager CYBER THREATS ARE GETTING MORE ADVANCED Advanced Persistent Threat Uses a
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationExecutive Brief on Enterprise Next-Generation Firewalls
Executive Brief on Enterprise Next-Generation Firewalls How security technology can reduce costs, improve compliance and increase employee productivity Enterprise Next-Generation Firewalls protect businesses
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More informationTEST METHODOLOGY. Web Application Firewall. v6.2
TEST METHODOLOGY Web Application Firewall v6.2 Table of Contents 1 Introduction... 4 1.1 The Need for Web Application Firewalls... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion Criteria...
More informationUncover Threats in SSL Traffic: The Ultimate Guide to SSL Inspection WHITE PAPER
Uncover Threats in SSL Traffic: The Ultimate Guide to SSL Inspection WHITE PAPER Table of Contents Executive Summary... 3 The Current State of Insecurity... 3 Existing Security Solutions Can t Hack It...
More informationNETWORK FIREWALL PRODUCT ANALYSIS
NETWORK FIREWALL PRODUCT ANALYSIS Fortinet 800c FortiOS v4.3.8 build632 2012 1 Introduction Firewall technology is one of the largest and most mature security markets. Firewalls have undergone several
More informationInspection of Encrypted HTTPS Traffic
Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents
More information4 Delivers over 20,000 SSL connections per second (cps), which
April 21 Commissioned by Radware, Ltd Radware AppDirector x8 and x16 Application Switches Performance Evaluation versus F5 Networks BIG-IP 16 and 36 Premise & Introduction Test Highlights 1 Next-generation
More informationTEST METHODOLOGY. Distributed Denial-of-Service (DDoS) Prevention. v2.0
TEST METHODOLOGY Distributed Denial-of-Service (DDoS) Prevention v2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Distributed Denial-of-Service Prevention... 4 1.2 About This Test Methodology
More informationWhite Paper A10 Thunder and AX Series Load Balancing Security Gateways
White Paper A10 Thunder and AX Series Load Balancing Security Gateways June 2013 WP_LB FW 062013 Disclaimer This document does not create any express or implied warranty about A10 Networks or about its
More informationThe Evolving Threat Landscape and New Best Practices for SSL
The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...
More information10 easy steps to secure your retail network
10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015
More informationBlind as a Bat? Supporting Packet Decryption for Security Scanning
Sponsored by VSS Monitoring Blind as a Bat? Supporting Packet Decryption for Security Scanning November 2012 A SANS Whitepaper Written by: Dave Shackleford Options for SSL Inspection Page 2 Implementing
More informationTEST METHODOLOGY. Network Firewall Data Center. v1.0
TEST METHODOLOGY Network Firewall Data Center v1.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls In The Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion
More information5 ½ Things That Make a Firewall Next Gen WHITE PAPER
5 ½ Things That Make a Firewall Next Gen WHITE PAPER 5 ½ Things That Make a Firewall Next Gen Table of Contents Introduction 3 #1: Application Awareness and Control 3 #2: User Identity Awareness and Control
More informationELECTRONIC RECORDS DISCLOSURE AND AGREEMENT READ AND SCROLL DOWN PLEASE READ THIS AGREEMENT CAREFULLY AND KEEP A COPY FOR YOUR RECORDS.
Rev. 11/2014 ELECTRONIC RECORDS DISCLOSURE AND AGREEMENT READ AND SCROLL DOWN PLEASE READ THIS AGREEMENT CAREFULLY AND KEEP A COPY FOR YOUR RECORDS. Introduction. As used in this agreement the words we,
More informationSPEAR PHISHING AN ENTRY POINT FOR APTS
SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing
More informationHow Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail
How Fail Today s Networks And Why Will Prevail Why your current firewall may be jeopardizing your security, and how you can counter today s threats, manage web 2.0 apps and enforce acceptable-use policies.
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationTypes of cyber-attacks. And how to prevent them
Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationSecuring Amazon It s a Jungle Out There
ANALYST BRIEF Securing Amazon It s a Jungle Out There PART 1 CONTROLS AND OPTIONS OFFERED BY AMAZON Author Rob Ayoub Overview Infrastructure as a service (IaaS) is a foundational component of modern cloud
More informationDell One Identity Cloud Access Manager 8.0 - How to Configure vworkspace Integration
Dell One Identity Cloud Access Manager 8.0 - How to Configure vworkspace Integration February 2015 This guide describes how to configure Dell One Identity Cloud Access Manager to communicate with a Dell
More informationVoya Financial Advisors, Inc. Registered Representative s Website Terms of Use
Voya Financial Advisors, Inc. Registered Representative s Website Terms of Use Welcome to our site. This page provides important information about use of this site and other legal matters. Please read
More informationThe Evolution of the Enterprise And Enterprise Security
The Evolution of the Enterprise And Enterprise Security Introduction Today's enterprise is evolving rapidly, with new technologies such as consumer-grade mobile devices, internet-based applications and
More informationAchieve deeper network security and application control
Achieve deeper network security and application control Page title appears here This is placeholder body copy. Ebit doloreici te quo volupta denestoria verem del erumquidit, sumquia nulparum num sandites
More informationUsing Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group
Using Self Certified SSL Certificates Paul Fisher Systems Consultant paul.fisher@quest.com Quest Software Desktop Virtualisation Group Quest Software (UK) Limited Ascot House Maidenhead Office Park Westacott
More informationCloud- Based Security Is Here to Stay
ANALYST BRIEF Cloud- Based Security Is Here to Stay HOSTED SECURITY IS BECOMING A PART OF THE SECURITY INFRASTRUCTURE Author Rob Ayoub Overview As the popularity of cloud- based services has grown, so
More informationTEST METHODOLOGY. Endpoint Protection Evasion and Exploit. v4.0
TEST METHODOLOGY Endpoint Protection Evasion and Exploit v4.0 Table of Contents 1 Introduction... 3 1.1 Inclusion Criteria... 3 2 Product Guidance... 5 2.1 Recommended... 5 2.2 Neutral... 5 2.3 Caution...
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationProtecting Your Network Against Risky SSL Traffic ABSTRACT
Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure
More informationWeb Security Firewall Setup. Administrator Guide
Web Security Firewall Setup Administrator Guide Web Security Firewall Setup Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec,
More informationDOCUMENT REFERENCE: SQ309-002-EN. SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper. July 2015
DOCUMENT REFERENCE: SQ309-002-EN SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper July 2015 SAMKNOWS QUALITY CONTROLLED DOCUMENT. SQ REV LANG STATUS OWNER DATED 309 03 EN FINAL SC
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationA Massively Scalable Approach to Network Security
A Massively Scalable Approach to Network Security A super massively scalable network firewall that delivers strong performance and security at a low TCO Abstract As network security requirements have evolved,
More informationWHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)
WHITE PAPER Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Table of Contents Summary
More informationSoftware- Defined Networking: Beyond The Hype, And A Dose Of Reality
ANALYST BRIEF Software- Defined Networking: Beyond The Hype, And A Dose Of Reality Author Mike Spanbauer Overview Server virtualization has brought the network to its knees. Legacy architectures are unable
More informationNetwork Security Solution. Arktos Lam
Network Security Solution Arktos Lam Dell Software Group(DSG) 2 Confidential Trend Dell Software addresses key trends Cloud Big data Mobility Security Management Security 3 Software We deliver security
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More information2012 North American Enterprise Firewalls Market Penetration Leadership Award
2012 2012 North American Enterprise Firewalls Market Penetration Leadership Award 2012 Frost & Sullivan 1 We Accelerate Growth Market Penetration Leadership Award Enterprise Firewalls North America, 2012
More informationCompatibility Matrix. VPN Authentication by BlackBerry. Version 1.7.1
Compatibility Matrix VPN Authentication by BlackBerry Version 1.7.1 Published: 2015-07-09 SWD-20150709134854714 Contents Introduction... 4 Legend...5 VPN Authentication server... 6 Operating system...6
More informationContent-ID. Content-ID URLS THREATS DATA
Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and
More informationHTTPS Inspection with Cisco CWS
White Paper HTTPS Inspection with Cisco CWS What is HTTPS? Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). It is a combination of HTTP and a
More informationWEB BROWSER SECURITY SOCIALLY-ENGINEERED MALWARE PROTECTION COMPARATIVE TEST RESULTS
WEB BROWSER SECURITY SOCIALLY-ENGINEERED MALWARE PROTECTION COMPARATIVE TEST RESULTS Apple Safari 5 Google Chrome 6 Windows Internet Explorer 8 Windows Internet Explorer 9 Mozilla Firefox 3.6 Opera 10
More informationUpsurge in Encrypted Traffic Drives Demand for Cost-Efficient SSL Application Delivery
WHITE PAPER Cost-Efficient SSL Application Delivery Upsurge in Encrypted Traffic Drives Demand for Cost-Efficient SSL Application Delivery Always On SSL Since 1994, enterprises looking to protect the security
More information43% Figure 1: Targeted Attack Campaign Diagram
TrendLabs Data exfiltration is the final stage of a targeted attack campaign where threat actors steal valuable corporate information while remaining undetected. 1 43% of most serious threats to the company
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationPortal Administration. Administrator Guide
Portal Administration Administrator Guide Portal Administration Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationLab Testing Summary Report
Lab Testing Summary Report February 14 Report 132B Product Category: Web Security Gateway Vendor Tested: Key findings and conclusions: security appliance exhibits best rate to date, 91.3%, for classifying
More informationWHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)
WHITE PAPER Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Table of Contents Summary
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationM86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: 5.0.00 Document Version: 02.01.12
M86 Web Filter USER GUIDE for M86 Mobile Security Client Software Version: 5.0.00 Document Version: 02.01.12 M86 WEB FILTER USER GUIDE FOR M86 MOBILE SECURITY CLIENT 2012 M86 Security All rights reserved.
More information